a complete logic fo programs visa nonstandar … · · 2016-12-09a complete logic fo programs...
TRANSCRIPT
Theoretical Computer Science 117 ( 1982) 1!)3-2 12 North-Holland Publishing; Company
193
A COMPLETE LOGIC FO PROGRAMS VISA NONSTANDAR
H, ANDRI?KA, I, NfiMETI and I. SAIN Mathematical Institute oj the Hungariun Academy of Sciences, Budapest, H- IO53 Hungaq
Communicated by M. Nivat Received August 1979 Revised July 1980
Introduction
In Computer Science and related fields there: have been around logical system in which reasoning about consequences of actkt!i: is also possible. I.e. in addition to being able to say “All humans are mortal.“, “Sokrates is human.” etc. we are ako allowed to say “‘After throwing the switch there ,liirill be light.” or “After touching the hot stove there will be pain.“. The new patterns of thought appearing in thete logics are of the kind “After doing action p it will be the case that p.” where 4p is a ormula of classical logic. These patterns of thought are at the very core of human rexoning
and hence such logics have appeared not only tn Computer Science but ads+ in e.g. Child Psychology, Developmental Psychology, Linguistics, Philosophical Lojc. See e.g. Segerberg [3 11.
Dynamic logic is intended to be the common backbone of ajll these and related logics, and accordingly its aim is to findl that basic structure v.vhich is common in all these logics, that basic structure which makes all of them tick. See e.g. Prart [26],
Segerberg [3 11, Berman [S], Hare1 [ 191. Propositional Dynamic Logic is flourishing %n a healthy, convincing and rather
attractive way, its model theory is a clear Kripke style one [L6, 191 which ,Its
beautifully into the system of model theories of well-understood logics. Pro- positional Dynamic Logic is developed coherently along the lines of the well-
established General Methodology for doing Nonclassical Propositional Logic, see e.g. [31]. Specially the proof concept of Propositional Dynamic Logic is a decidable one and1 the set of valid formulas is recursively enumerablt:, see e.g. Pratt [25],
Segerberg [30], Parikh [24]. The notion of a proof concept and the property of ifs bleing decidable or not can be found in Definition 10 of the prell;erlt paper (in Section 4). In short, a proof concept is decidable if the set uf all correct yruofs 6s decioablc.
* Part 1.F will appear In ?hz . \ext issue.
0304-3975/82/0000-0000/$02.75 @ 1982 North-Holland
194 H. AndrbkcP, I. Nhmleti, I. Sain
.g. the prooF concept of classical first order logic is decidable.) A.fl the pub- lished completeness, theorems for Propositional Dyna.mic Logic arie based on decidable proof conceptsV and therefore are completely satisfactor:; [24, 25, 301, Berman [7].
First order Dynamic Logic (see e.g. [19]) is in a state which is not nearly as satisfactory. ‘Inhere are several different alternative model theories around, these are fairly ad-hoc anid the proof concepts used are not decidable, and most of the proposed model theories are such that the set of the vaiid formulas is rot recursively enumerable. We shall refer to the semantics (or model theory) used in [19] as standard (because it refe:;s implicitly to the standard model of arithmetic).
First we tried to select a very small sublanguage S of First order Dynamic L.ogic such that an acceptable completeness theorem could be proved for S (at least). It turned out in Andrbka-Nemeti-Sain [g] that this is impossible with standard semantics even if we are extremally permissive about the choice of S. To alleviate this problem, the standard literature started to use undecidable proof concepts, e.g. infinitely long proofs [ 1’91 Section 3.42, the ao-called Effective o-rule (which is not _
decidable either), the so-caIled Arithmetical Axiomatization of [19] etc. However, there is a nonstandard literature too, (e.g. Csirmaz [ 14,151, Andrkka-Nemeti [l-6], Sain [291, Gergely-&y [Ml, Bir6 [9]) which reacted differently to the negative results.
The present paper belongs to this nonstandard school. (This nonstandard school is sometimes called Explicit Time school; see Section 7 of the present paper.) One of our theses is that since there dots exist a well-established methodology for doing First order Nonclassical Logic (e.g. Galliin [16], Bowen [lo]) by using this methodology one could develop a less ad-hoc model theory for First order Dynamic Logic (similarly to that what is happening with Propositional Dynamic Logic). I.e. one of our aims is, to make First order Dy,namic Logic fit better into the already existing culture of Nonclassical Logics. Some of our considerations in this line are collected in Section 9.
Another aim of the nonstandard school is to find decidable proof concepts for the logics under investigation. In Definition 13 of this paper a proof concept t-N is introduced for First order Dynamic Logic which is decidable. In Theorem 2 this proof concept I---~ is proved to be strongly complete, i.e. for every theory Th and formula q of First order Dynamic Logic we have Th t= 4p iff Th t-” cp. The proof concept t-” provides also a new proof method for program verification. In Section 6 the new proot method +-N ’ IS compared with some old ones. It is proved e.g. that I-~ is strictly stronger than the so-called Floyd-Hoare method.
Concerning the syntax of Dynamic Logic we followed the ideas presented in Pratt [27]. Hence the syntax of Dynamic Logic in the present paper is slightly different from the or?e in e.g. [2Sj but this difference does not affect the expressive power of the lanwtagc. The difference is that our ‘action terms’ or ‘programs’ are not structured. The present paper can be translated to the original structured syntax of Dynamic Logic wirhout changing any of the results, see Sain [28].
Complete logic for reaoning about programs 195
On the connection with E!i~nkin’s higher order model theory
Higher order Logic is strongly incomplete w.r.t. its standard model theory. Henkin devised a nonstandard model theory-for Higher order Logic, see [22]. Higher or&r L,ogic is complete w.r.t. Henkin’s nonstandard model theory [22]. Henkin. s
nonstandard model theory proved to be rather useful and satisfac?ory e.g. in gettint, a
deeper understanding of the nature of h,:gher order reasoning, in applications in computer science etc. Gallin [16] adopted Henkin’s nonstandard method to Intensional Logic. We are applying Henkin’s nonstandard method to First order
Dynamic Logic and Logics of Programs. (This will be especially outstanding in Definition 16 and Theorem 7.) By postulating appo r y+ate axioms we can keep our models to be no more nonstandard than Henkin’s models are. If Henkin’s ncn- standard approach was useful for Higher order Logic we do not see why it would :rot
be useful for First order Dynamic Logic too. For more in this line see [29].
Notations
In the following list we shall recall some standard notations, used throughout tilt: paper, from textbooks on logic (mainly from Chang-Keisler [E], Monk [22]). Th,o reader is advised to skip this list and use it only wher; needed.
d denotes an arbitrary similarity type of classical one-sorted models. 1.~ (ri correlates ariiies (natural numbers) to function symbols and reiation symbols, see Defies ie;.ion 1 ii).
0) denotes the set of natural numbers such that 0 E or).
X = {x, : w E w} denotes a set of variables.
Fd is the set of classical first order formulas of type d with variables in X, cf. e.g. [12, p. 221.
7 denotes a term of type d in the usual sense of logic, see [ 12, p. 221 or [22, p. 166, Definition lO.$(ii)].
Mh denotes the class of all clas$cal one+orted models of type d, see e.g. [ 121 or 122, Definition 11 .l], cr Definitions 1 and 3.
A classical one-sorted model is denoted by a bold italic capital ‘like a or II) and its universe is denoted by the same nonloid capital. F-g. T is the universe of T’, and 1) is that of D.
By a ‘zaluation of the variables’ in a model D a function g: w --or 1) is understood, see
[22, p. 195-j.
T[qlLp denotes the value of the term r in the model under the valuation q of the variables, see [l_2, p. 27, Definition 13.133 or [22, Definition 11.21. If 7 contains no variable, then we write 7 instead of Y[&, if is
understood. I= Q[q] denotes that the valuatiori q satisfies the formula CP in the model
Ed = <&, ,vd, l=5) is the classical first f )rder language of similarity type d, see C29.i.
td denotes a certain many-sorted similarity type, see Definitions 3 and 4
and [22].
196 H. Andrt!ka, I. Nheti, I. Sain
fid is the set of all classical fjrr e order many-sorted formulas of similarity type td, see [22] and Definition 5.
Mt d is the class of all classical many-sorted models of similarity type td, see [22] and Definitions 3 and 5.
&d = (Ftd, I&, I=) is the classical first order many-sorted language of similarity type td, see [22] and Definition 5.
?J? denotes a classical many-sorted model, usually I!!%? E A&. The parts of Pi! are always denoted as ‘%JZ LT- (T, D, I, ext), see Definitions 3 and 4.
AB denotes the set of all functions from A into B, i.e. AB = {f: f maps A into B), see [22, p. 71.
A func?kvz is considered to be a set of pairs. Dom j
Rwf
A seq uewe (Us: s E I!;)
(Expr(x’! : x
denotes the domain of the function f, and denotes the range of the function f, i.e. Dom f = (a: (3b)(a, b) E f}, Rngf =(b: (3a)(a, b)Ef).
df F of ler;gth n is a function with Dom s = n = (0, 1, . . . , n - 1). denotes the function {(s, CT%}: s E S)% Moreover for any expression Expr(...> and class S we define E S) to be the function f: S + Rng f such that (Vx E S) f(x) z Expr(x).
Natural numbers are used in the von Neumann sense i.e. n = (0, 1, . . . , n - 11 and especially 0 is the empty set.
1. Syntglx (of program schemes)
The folloGng is basically the same as the content of pp. 242-244 in Manna [21]* Recall d, X, FY from the list of notations. Now ‘we define the se: Pd of program schemes of type d. The stat Lab of ‘label symbols’ is defined to be the set of all constant terms of type d,
i.e. d-type terms which do not contain variable symbols. Logical symbols: {A, ~,3, =}. Other symbols: {+-, if, goto, halt, ( , ), :}. The set Ud of commarids of type d is defined as:
- (i: x -+ 7) E Ud if i E Lab: x E X, and T is a term of type d and with all variables in X; - (i: if J( goto o) E & if i, u E Lab, x E Fd is a formula without quantifiers; - (i: halt) E & if i’ E Lab. These are the only elements of L’J.
By a program scheme of type d we understand a finite sequence p of commands (elemerlts of Ud) ending with a ‘halt’, in which no two members have the same label, and in which the only ‘halt-command’ is the last one. Further, if (i: if x goto u) occurs in p, then there is u such Ihat the command (u : u) occurs in p. Le. an element p of Pd is of the form
p = ((is: u(J), . . . , (in-j: u,,-I), (in: halt))
where n Eu, (im: u,& Cd for rnsn etc.
Complere logic for reasoning about programs 197
An example for a program scheme can be found between Def,.aition 16 and
Theorem 7 in Part II. The set Lab of labels was chosen the above way for technical reasons only. There
are many other possible ways for handling labels. The anomalies arising GIGS;=: the.
present choice of Lab can be avoided by expanding the type d and by fixing some
simple axioms, see IA” in Definition 14 in Part II.
2. Semantics (of program rschemes)
By a language with semantics we understand a triple L = (F, Ad, I=) of classes such that /= E M X F X Sets where Sets is the class of all sets. Here F is called the syntax of L, A4 the class of models or possible interpretations of L, and f= the satisfaction relation of L. Instead of (a, 6, c) E I= we write a I= h[c], and we say “C satisfies & in a”. See [23,29j, and Stavi [32, p. 2551.
Here we try to develop a natural semantic framework for programs and statements about programs. In trying to understand the ‘Programming Situation*, its languages, their meanings etc., the first qslestion is how an interpretation or model of a program or program scheme p E Pd should look like. The classical i;pproach (Manna [Xl, Ianov [ZO]) says that an interpretation or model of a program scheme is a relational structure D E i& consisting of all the possible data values. The program p contains variables, say Y. The classical approach says that x denotes elements of 13 ius+ as variables in classical first order logic do. Now we argue that x does not denote
elements of D but rather x denotes some kind of ‘locations’ or ‘afddresses’ which may contain different data values (i.e. elements of D) at different points of time. Thus there is a set I of locations, a set T of time points, and a function ext : I x T + D which tells for every location s E I and time point b E T what the content of location s is at time point b. Of course, this content ext(s, b) is a data value, i.e. it is an element of D. Time has a structure too (‘later than’ etc.) and data values have structure too, thus we have structures T and D over the sets T and D of time points and possible data
values respectively. Therefore we shall define a model or interpretation for programs p E Pd to be a four-tuple m = (T, D, I, ext) where T and D are the time structure and
data structure resp., I is the set of locations and ext : I x ZT + D the ‘content of . . . at
tizne . . ’ function (see Definition 4). We shall call the elements of Iinterlsions instead
of locations. The reasons for this and for the name ‘ext’ are explained in Section 9. For a detailed account of the above contsiderations see also Section 8.
Of course, when specifying semantics of a programming language & we may have ideas about how an interpretation !8J? of Pd may look liike and how it may not. These
ideas may be expressed in the form of axioms about (Izn. E.g. we may postulate that :
of $.R has to satisfy the Peano Axioms of arithmetic. For such axioms see Definitions in Part IL These axioms are easy to explress since a closer investifi;atioh bove reveals that it is a model of classical 3-lsorted logic (tinG 9 :Z is being
‘time’, “data’ and ‘intensions’). Thus the axioms can be formed in classical 3-zorted
198 H. Andrdka, I. hhfmeti, I. Sain
logic (Definition 5) in a convenient manner to express all our ideas or postulates about the semantics of the programming language Pd under consideration.
Now wc turn to work out these ideas in detail.
DefMtion d (one-sorted models). (i) By a (classical or one-sorted) similarity type d we understand a pair d = (H, d1) such that all is a function dl : C + w for some set X,
H G C and (WE C) dl(r) > 0. The elem&nts of C are called the symbols of d, and the elements of H the operation
symbols or function symbols of d. Let r E C. Then we shall write n(r) instead of d I(r). (ii) Let d = (H, d 1) be a similarity type, let C = Dom d 1 as above.
E$ a modclof type d we understand a pair 6) = (.D, R) such that R is a function with Dom R = C and (Vr E C) R(r) c d’r’D and if r E H, then R(r) : (d(r)-1?3 + D.
Notation. (D, R,),,x 2 (D, (R,: r E 2)) g (0, R).
‘3.e. D = (D, RJrez is a model of type d ifi R, iis a d (r)-ary relation over D and if r E H, then R, is a (d(r) - 1)-ary function, for all r EC.
ff r E H and d(r) = 1, then there is a unique b E D such that R,. = ((6)) and we shall identify R, with b. If r E H, d(r) = 1, then r is said to be a constant symbol and R, E D is fihe constant element denoted by r in D.
The set )V is called the universe of D.
(iii) Mb g (Ib: D is a model of type d}. 0
Definition 2 (the similarity type t of arithmetic and its standard model P b. ! denotes the similarity type of Peano’s Arithmetic. In more detail, t = ({+, l , 0, A~, ~11 where DoIq={s,+;, 0, l), t(s) = 2, t(+j -” t(m) = 3, and t(0) = t(1) = 1.
The standard model N of t will be sloppily denoted as (0, G, +, l , 0,l) = N instead of the more precise notation N=(o,R) where R(G) = {(n,m)E2m: n sm), . . . , R(l)= 1.
Note that N E A& Cl
Throughout the paper t is supposed to be disjoint from any other similarity type,
moreover if d is a similarity type, then Dom d 1 n Dom tl = 8 is assumed throughout the paper.
efidtion 3 (many-sorted models, [22]). Let S be a set. Then S* denotes the set of
all finite strings of elements of S, i.e. S* gu(“S: n E 6$
(i) By a many-sorted similarity type m we understand a triple m = (S, H, m2) such that m2 is a function m2 : C -t S* for some set C, H c G and (Vr E X) mt(r) & OS.
The elements of S are called the sorts of m. If r E C, then we shall write m(r) instead of mz(r).
Complete logic for reasoning about programs :199
(ii) Let m! be a many-sorted similarity type and let C = Dom rn2 as above.
By a (many-sorted) model of type ??I we understand a p;air (( CJ, : s E S), R) such that &? is a function with Dom IX = 2 and if r E C and HZ(~) = (~1, . . . , s,), then
R(r)c Lp* l l x Usr and if in addition r E H, then R(r) is a function R(r): Us,, x
a l l x u&-r us,*
Us is said to be the universe of sort s of ,%2.
Mm~{VM2 is a many-sorted mo el of type m). 0
Definition 4 (the 3-sorted similarity type td). (i) To any one-sorted similarity type d we associate a 3-sorted similarity type td as follows:
Let d = (H, dl) be an, one-sorted similarity type. Recall that t is a fixed similarity type introduced in Definition 2 and by our convention Dom dl n Dom tl = 0.
Now we define td to be td g (S, K, td2) where (a) S g {t, d, i}, 1st = 3. (S is the set of sorts of td.) Here th,e elements of S are used
as symbols only; we could have chosen S = (0, 1,2} as well.
(b) K g {+, 9, 0, 1, ext} u H. (K is the set of operation symbols of td.)
(c) tdz: (Dam tl u Dam dl u (ext}) + S* such that tdz(ext) = (i, t, d),td&) E “(t) if t(r) = rz and td2(r) E “{d) if d(r) = n. E.g. td@) = (t, t), td#-) = (t, t, t), . . . , tdz( 1) =
0). By these the 3-sorted similarity type td is defined.
(ii) Let ?I@ = (K4, ud, W, R&E be a td-type model. Then (l)-(3) below hokl:
(1) Wi, Rr)rmomq E-‘-M,
Notation.
((Vt, R)~EDOKI tl, (ud, Rr)r~~tvn dl, ui, Rat)
We define
D ’ (ud, df
D ud and 2 Ui.
Convention. Whenever an element of Mtd is denoted by the letter !+$I1 then the parts
of TX)2 are denoted as follows:
The sorts t, d, and i are called time, data and intensions respectively.
the time-structure of !lX. III
200 IQ; Andrika, I. N&met& I. ,Fain
Note that 92&&d iff (TEA+&, oEA&, and ext:I‘X T+QL For a more detailed introduction to many-sorted languages, like Ltd =
(Ftd, A&, I=) defined below, the reader is referred e.g. to [22]. If understanding
Definitions 3-6 here is hard for the reader, then consulting [22] should help since Ltd is the most usual classical many-sorted language of similarity type td.
Definition 5 (the first order 3-sorted language .& = (& M&i9 l=) of type td, L-221). Let d = (H, dr) be any one-sorted similarity type. Recall from Definitions 2
and 4 that t is a fixed similarity type, and td a 3-sorted similarity type with sorts
&It, d, i). (i) We define the set Ftd of first ordcer 3-sorteld formulas of type td: Let
X g {x, T w E o}, Y g {y,,,: w E o} and 2 g {z~: w E ctl) be three disjoint sets (and
xw Z: xi if w :f j E w etc.). We define 2: X, and Y to be the sets of variables of sorts t, d,
and i respectively. .FF denotes the set of all first order formulas of type t with variables in Z, Fd the set
of all first order formulas of type d with variables in X, and Trn: the set of all first
order terms of type f with variables in i!. The set Tmtd,d of terms of type td and of sort d is Idefined to be the smallest set
satisfying conditions (l)-(3) below:
( I ) x C Tmtd.d, (2) extl. yw, 7) E Tmtd,d for any r E Trnf and w E O,
(3) f(7?, l l l 9 7,) E Trntd,d for any f~ ,Y if d(f) = n + 1 and 71, . . . , r,, E Tmtd,+ The set Ftd of first order formulas of type td is defined to be the smallest set
satisfying conditions (4)-(8) below: (4) l7, = 72) E Ftd for any 71, 72 E Tmtd.d, (5) f(T1,. . . , 7,)~ Ftd for any ~1, . . . , r,, E l‘mtd,d and for any r& H if d(r) = n, (6) (yw = yi) E Ftd for any W, j E o,
(7) F;Z C Ftd,
(8) if qpg + E &, then
bQ, (Q A #), (%vQ), (%vQ), &'tvQ): W E 0) E Ftda By this the set Ftd has been defined. Noie that Fd c Ft+
(ii) Now we define the ‘meanings’ of elements of Ftd.
By a valuation (of the variables) into 9X we understand a triple v = (g, k, r) such that g E “T, k E “0 and r E “I. The statement “the valrmiort v = (g, k, r) satisfies Q in
t&77” is denoted by m i= Q[u] or equivalently by zx)2 f= cp[g, (‘et r]. The truth of m I= Q[g, be, r] is defined the usual way (see [22]) which is completely analogous with the one-sorted case. E.g.
Z b (YO = ydg, k, 4 iff PO = 1’1,
,Dz I= (XI = ext(y2, zo))[g, k, rl iff kl = extm(r2, go),
m !== Q[g, k, r] iff II” I== q[g] for Q E FF,
!8 * cp[g, k, r] iff b cp[k] for tp IS Fd etc.
Complete logic for reasoning about programs 201
The formula rp E Ftd is valid in %R, in symbols %R I= 40, iff (Vg E “T)(Vk 6: “D)(Vr E
V m I== cpcg, k 4 (iii) The (3-sorted) language Ltd of + .ype td is defined to be the triple Ltd =
(Ftd, A&, I==) where k= is the satisfaction relation defined in (ii) above. 0
Defisrition 6 (the similarity type d’ and the standard model % of type td’). Let the similarity type d’ ‘be a disjoint copy of t, i.e. let d’ = ({+‘, l ‘, 0’, l’}, d[ ) where
Dom d\ = {sr, +‘, l ‘) 0’, 1’) and d’(+‘) = d’( 0’) = 3: d’(0’) = d’(1’) = 1 and d’(&) = 2.
In defining ‘8 = A&, we shall use the Convention at the end of Definition 4. The
standard model % of type td’ is defiMed to be % 2 (N, N’, %, ext) where N is the
standard model of type t (see Definition 2’,, N’ the same standard model but of type d’, and
(Ws E “o)(Vb E N) ext(s, b) =: s(b). q
In this paper we shall define severs1 sets of axioms in the languag? L*:d, see Definitions 14, 15, 16, 19 in Part II. Each of them will be valid in the standard
model ‘37. Now we define the meanings of progwm schemes p E Pd in the 3-sorted mt~Ms
!?R E A&.
Termjnology. What we call here a d-type model L4 E A& b;as called an ‘tirzicr- pretation’ 4 in [21, Sectilon 4.1.21. Definition 7 is a formalized version of the o11e given in [2 1, pp. 244-2451.
Convention 1. If a program scheme is denoted by p, then its parta are denoted as follows:
k = ((io: UO), . . . , (i,-1: CI,,- I), (in: halt)).
Further,, c E (ti denotes the least element w of o for which (VU 2 w)[x,,
does not occur in p]. I.e. {xw : w g: c} contains all the variables occurring in the
program scheme p, and if c > 0 then xc_ l really occurs in p. We shall use xc as the control variable of p.
Notation. Let (T, D, 1, ext) E k&d, see the Convention at the end of DeSnitionl 4. Let sot . . . , ,s, E I, S = (so, . . . , s,). Let b E T.
Then we define
ext(s’, 6) g (ext(so, b), . . . , ext(s,.,, 6)).
niticm 7 (traces of programs in time-models). Let p E pd and :S E A&. We shflE& use the Convention in Definition 4 and Convention 1. Let so,, . . . , sc E I be arbitra ry intensions in %.R. Let S := (so, . . . q s,_~). The sequence (so, I o . 9 s,) of intens ions is defined to be a truce of p in 2R if the following (i) and (ii) are satisfied:
202 H. Andrgka, i’. Nheti, I. Sain
(i) ext(s,, 0) = i0 and ext(s,, 6) E {im: nr 6 n} for every b E T. (ii) For every 6 E T and for every j s c if ext(s,, b) = i,, then statements (l)-(3)
below hold: (1) If urn = “xw --t r”, then
ext(sj, b + 1) =
i
. Ll+l if j = c,
r[ext(S, b)]o if j = W,
eXtl(Sj, b) otherwise.
(2) If Um = “if x goto v “, then
1
V if j == c and D I= x[ext(& b)],
eXt(Sj, b + 2) = im+l if j = c and D t+ x[ext(J, b)], ext(sj, b) othl:rwise.
(3) If u,n == “halt”, then
eXt(Sj, b + 1) = eXt(Sj, b). El
Definition 8. Let s = (so, . . ..s~)bea.traceofp~P~in!UkM~~.
(i) Let k E % The trace s is said to be of input k iff
(Vj K c) k(j) = ext(+, 0).
I.e. s is of input k iff
No, . . . , kc-l) = (e:rt(so, 0), . . . , ext(s,- 1, 0)).
(ii) Recall from Convention 1 that i,, is the last label of the program p (i.e. i, is,the
label of the halt-command). Let b E X We say that s :errriczate.l; p at time b in 98 iff
ext(s,, b) = i,,.
We shall sometimes write “s terminates at b ” instead of “s terminates p at time b in
YB”. (iii) Let k, q E “D. We define q to be a possible output of p with input k in m iff
(a)-(d) below hold for some s : s = (so, . . . , s,) is a trace of p in 9X. s is of input k. There is b E 7” such that s terminates p at time 5 and
(40, . . . , qt.-l) = (ext(s0, b), . . . , ext(s,+ b)).
(Vj E w )[ j 2 c + 41:~ kj]. If q is a possible output of p with input k in %!, then we shall also say that
(40, , . . , qc-lj is a possible output of p with input (ko, . . . p kc-l). rz1
. A trace (so,. . I , s,) of a program p E Pd correlates to each variable x,,,
(w s c) occurring in the program p dn intension or ‘history’ sw such that the value
Complete hgic for rer:‘oning about programs Z!O3
ext(s,, Q:I can be considered as the ‘value containeld in’ or ‘extension of’ x, at time
point & E. 7’. The intension s,,, E I represents a function ext(s,, -) : T + _D from ti,me points T to data values P). This function is the ‘history’ of the variable x,~ during an
execution of the program p in lhe model %t. Definition 7 ensure,s that the sequence
(ext(so, --), . . . , ext(s,, -)) of functions can be considered as a biehaviour or ‘run’ or ‘trcce’ o:F the program p in %R. Here sc is the intension of tgie “control variable’.
Observe that a trace is nothing but a valuation of some variables of sort i. For a valuation s of the variables of so:rt i into the universe I of 5n we define
272 I= p[s] iff (so, . . . , sc) is a trace of p in %R.
By now we have defined a semantics of program schemes, i.e. we have a langua.ge
(pd, Mtd, +)*
For any set Th E Ftd of ar;ioms we define Mod(Th) !& j& to be the class of all models of Th. Now for every set Th c Ftd we have a language
PLT~ = (Pd, Mod(Th), t==)
where m I= p[s] is defined in Definit%n 7 for every 9X E Mod(Th). We shall call such a language a programming language wit+ semantics. But it is not yet a language for reasoning about programs. That comes in Section 3.
To consider axioma ,‘:‘;GZe classes Mod(Th) of interpretations (instead of a single
interpretation m or all possible ones &J) to be the semantics of Pd, was suggested in works of Burstall and Darlington [ 111, Courcelle and Guessarian [l 319 Gergely and Sz6ts [17, p. 491 etc. We believe that this is a very important point which should be emphasized. We believe that neither considering a single model Y! to be the Semantics nor considering i?& or Md to be the semantic3 could give us really relevant information about semantics of programming. I.e. neither (,P&,, %%, i=) nor (Pd, %, b) nor (pd, Mtd, t==) nor (.& &, some meaning function) could give us really deep insights if we would choose them as the central subject of our study. Note that, e.g. in
[21], only these two extremes were considered. On the ofther hand, investigating (pd, Mod(Th), I=) for all possible choices of Th c I;td can give insights, especially when Th is required to be recursively enumerable. Arguments explaining w’hy this is true were given in [13,17,23], and in c’h.er works on classes of interpretattions by Courcelle, Guessarian and their colleagues.
About using Th
It might look counter-intuitive to execute programs in arbitrary elements of 1Mid.
However, we can collect all our postulates about time into a set Ax E Ftd of axioms which this way would define the class Mod(Ax) E b&J of aE1 intended interpretations of Pd. Then we can use the language PL*,. Such a set Ax of axioms will be proposed iri
Definition 14 in Part II. tf one wants to define semantics with unusual time structure
204 I% AndrtFka, I. Wmeti, , I. S&n
e g. parallelism, h-rondeterminism, interactions etc. then one can choose an Ax
different from the one proposed in this paper.
IL Statements about programs
We shall introduce our language DLd for reasoning about programs or in other
*Iwords the language DLd of our first order dynamic logic.
Defimition 9 (the language DLd of first order dynamic logic). Let d be a (one-sortedj
similarity type. (i) DFd is defined to be the smallest set satisfying conditions (l)-(3) below:
(1) Ft&DFd. (2) (VP E Pd)(V$ E DFd) Cl( p, $) E DFd. (3) (Vcp, # E DFJ(Vx E X ‘3 Y u Z){lq, (+J A $), 3x9) c_ DFci.
By this we have defined the set DFd of dynamic formulas of type 4 (ii) Now we define the meanings of the dynamic formulas in the 3-sorted models
%I E &. Let 98 = ( T9 D, I, ext) E &. Let 5 be a valuation of the variables of Ftd into 98, i.e. let v = (g, k, rj where g E “T, k E “D? and r E “I.
We shall define %! I= cp[ v] for all 50 E DFJ.
(4) If cp E Ftdl then %I2 I= cp[v] is already defined in Definition 5. (5) Let p E Pd and # E DFd be arbitrary. Assume that %R I= $[v] has already been
defined for every valuation v of the variables of Ftd into ??Jk Let g E “T, k E “0, and r E “I. Then
(%@ t= $[g, q, r] for every possible output q of p with input k in n.)
For ‘possible output’ see Definition 8. (6) Let q, fl/ E DFd and let x E X u Y u Z. Then %R I= (lcp)[g, k, r], i% I= (q A
$)[g, I:, r] and E t= (3xcp)[g, k, r] are defined the usual way. Let e.g. w E w. Then lzDt I= (3z,cp)[g, k, r] ifl (there is h E “T sue.: that (V-i E o)(i Z
w + hi = g)) and PI I= 4. [h, k, r]).
(iii! The: langua,se Didd of first order dynamic logic of type d is defined to be the - triple
DLd g (DFd, SC&,,, I=)
where != is de;6 ~4 in (:;i) above. Cl
NotrPition. Let p E Pd and Q!JE DFd. Then O(p, @) abbreviates the formula
-lQ( 13, Wb.
Complete logic for reasoning 1, hut programs “3X
In our language DFd we introduced the logical connectives 1, A, =, 3, 0 only. However, we shall use the following derived logical connectives V, +, *, L’ z fm.ml false, 0 too in the standard sense. E.g. (q v +) stands for the formula 1(7(~, h -i+].
Rem;ark. Standard concepts of programming theory can be expressed in DLd as
shown in Table 1.
Table 1 ---
1.
2.
3,
4,
5.
6.
7.
8.
9.
10.
p is partially correct w.r.t. output condition $
UP, 9)
p is partially correct w.r.t. input condition (cp + O(P, $I)) rp and output condition 4 (in Hoare’s notation cp{ p}#)
p is totaLly carrect w.r.t. output condition O( PAW t,b in the weaker sense
p is totally correct in the stronger sense ~(P,cLbaP,cL~
p terminates 6 ( y, hwe)
if the input of p2 is the output of ~1: vhen G(PI:, WPZ, CL))
p2 is totally correct w.r.t. ~5
p is deterministic (Vxc - ’ ’ ~x2c--1)
for any fixed p satisfies (I, satisfies 2)
[( ( 0 p9 ~~xi=x~+,~j~~~p,(~~xj=Xr.j))] input, if some output cf WP, (jlbG(P, 4) then every output of p
p satisfies the input-output relation (‘Vxo . * * Vx2,4) ho , . * * , G-1, xc,. . *, xzc-1) where xc....,x2c_l is the input ancl K
AcXjzXj+c)+~(P9 rL(XO,. . * ,X*c-l))]
x0, . . * , x,-m1 the output
pr simulates p2 (tiX0” - vxzc-1)
[ ( O p2, A Xj = XjAc + 0 pl, A Xj = X,+j j<c > ( jCc )I
We shall use the model theoretic consequence relation in the usual sense. I.e. let
Th c DFd, cp E DFd and K c_ A&. Then
m I= cy iff (Vg E “T)(Vk E “D)(Vr E “I) %h! I= tp[g9 k, r],
mb=Th iff (VQETh)mI=q,,
Kk=Th iff (VWEK)mk=Th,
Mod(Th) z {m E A&: n I= Th},
and Th t= Q iff Mod(Th) k= Q.
206 H. Andrika, I. Nt!meti, I. Sain
. Comple~teness theorem of DLd
Theorem 1. Let Th c DFd be recursively enumerable. Then {q E DFd: Th i= cp} z’s
recursively enumerable.
roof. This Theorem 1 is a consequence of Theorem 2 below. See. Fact 1 below and Lemmas 3 and 4 in the proof of Theorem 2. 0
Notations, Let X be a set. Then X”’ denotes the set of all finite sequences of
elements of X, i.e. X* == U{“X: m E (0). We shali identify X* with (H: H C_ X and
]Hi < o}*, and also with (X*)*. We thS;iz of X* as the set of “words over the alphabet X”. Sb X denotes the set of
all subsets of X.
Definition 10 (proof concept, [22]). Let L = (F, M, I=) be a language. JBy a pruof concept on the set F we understand a relation t- c Sb(p) x F together
with a set Pr E F* such that Th t- cp iff (H9 w, 40) E Pr for some finite Ei E: Th and for
some W E F*,
The proof concept (t-, Pr) is decidable iff the set Pr is a decidable subset of F* in the usual sense of the theory of algorithms and recursive functions (i.e. if Pr is recursive),
Pr is ca5led the set of proofs, and I-- is called derivability relation. 0
Sometimes we shall sloppily Iwrite “I-- is a decidable proof concept” instead of “(t-, Pr) is a decidable proof concept”.
Note that the usual proof concept of classical first order logic is a decidable one in the sense of the above definition. As a contrast we note that the so called effective w-rule is not a decidabls proof concept.
Fact 1. Let - (f-, Pr) be a decidable proof concept on the set F. Let Th E. F be recursive%y enumerable. Then {cp c F: Th I-- p) is recursively enumerable too.
Proof. Well known from the theory of algorithms. Cl
Theorem 2 (strong completeness of DLd). (i) There is a decidable proof concept ! l”
for the language DLd such that jtir every Thl E DFd and q E DFd we havtv
(ii) 7Ee language DLd is compact.
roof. The idea of the proof is to reduce (or translate) the language DLd to the complete and compact (classical 3-sorted) language Ltd =: (Ftd, A&, I=) by a total computable function 8: DFd -+ Ftd such that condition (*) below holds.
Complete logic for reasoning about programs 207
for e*:e~i cp E DFd and for every WE A& we have %Wcpiff%J2f=6(~). (*)
Suppose we have a ‘translation’ function 8: DFd + Ftd which satisfies (*). Then the prolof of Theorem 2 will be the following:
L,et Th c DFd, cp E DFd. By an kN-proof of p from Th we shall understand a
sequence (El, @[HI, W, 0((p)), cp) such that .E? ETh, ]Hl <w, and @[Ml, w, r9@)) is _
classical first order proof of O(rp) from1 O[H], where @[HI g {6($): t~5 E H}. Since 8: DFd + E;;d is a total computable function, our proof concept I--” wil? be
decidable. Then using Giidel’s completeness theorem for Ltd and property (*:) of $I we
shall prove the completeness theorem, for DLd. First we define the function 8: DFd + Ftd.
Convention 2, Instead of z. we shall often write z.
Notation. Let x E Fd be a formula without quantifiers. Llet x’ = (x0, . . . , xp) be a sequence of variables from X such that the variables occurring in x are among
(x0, l l * 9 x,). Then x[ext(j$ z)] denotes the formula obtained from x such that xi is
substituted in x everywhere by ext(yj, z) for each j g e. If r is a term of type d and with variables in {x0, . . . , x,}, then *we use the notalion
7[ext(ji, z)] similarly. Note that x[ext(j7, z)] E Ftd and r[ext(& z)] E Tmtd,d.
Definition 11 (the function 8: DFd wF,,,). The definition of 8 goes in “L! steps.
(1) First we define a function p : Pal x w + Ftd. Let p = ((io: Uo), . . . , (in : halt)) E Pd be fixed. Recall from Convention 1 that c is
associated to p such that the variables occurring in p are among A+, . . . , xc - I, and xc is
the control variable of p. Let 9 = (yo!, . . . , y,). First we define auxiliary formulas Y(J), v,( p, z, 9) for every
n-2 6 n by statements (i)-(iv) below: (i) If urn = “x, --G 7”, then
df
hl(P, 2, $9 = ext(y,, 2 + 1) = i,n+l A ext(y,, 2 + 1) = ;r[ext(ji, 2 11
A /\ ext(yi, 2 + 1) =ext(yi, 2) . jCc I j#w
(ii) If uW1 = “if x goto v”, then
z VW (17, f, Y) - (x[ext(y’, z)]-* ext(y,, z + 1) = v)
A (lx[ext(jj, z)]-+ ext(y,, z + 1) = &+A
A /\ ext(yi, z + 1) = ext(yj, z) l
ice I
2O:B H. Andrdka, I. Mheti, I. Sain
(iii) If zlm = “halt”, then
v,,(p, 2, 9) “=’ A eXi(yj, 2 -+ l)=eXt(yj, Z). jsc
df df
(iv) V(D) = Y(P, Y) = ext(y,, 0) = i0
A Wz[ ( V ext(y,, 2) == i-> msn
JI A (ext(yc, 2) = im + vm(P9 f, i),l* msn
Now the definition of p is the following: Let w E w. Then
p(p, w) tiff p(p, w)(xo, l l l , xc-1,&v, l l l Jw+c--1)
g 3yo l l l 3Y, [
/\ eXt(yj, 0) =Xi A V(P9 v’) jCc
A 3z ( ext(yo z) = i,, A A ext(yj, z j = xtr+j l jet-2 )I
INote that /,&(p, W) E f;;d SitICe I(\df?l s tl) Vm( p, Z, y’) E &I*
By this we have defined the function i_c: Pd X o +&o
bnark. For the ‘meanings’ of the formulas v( p, y’) and p (p, w) s,ee Fact 2 in Lemma 1.
(2) Now we define 8 : I>Fd + &j by recursion. We shall use the function p; : Pd X o + Ftd defined in step (1).
(i) Let 40 E Ftd. Then
(ii) Let rp, q% E DFd and suppose that 6((p) and 6(#) are alread!y defined. Let p E Pd. The definition of 8(CJip, $)): Let w be the smallest element of w such that w 2 c and xj does not occur in ~5 for
df everyj3 w. Let x’ = (x0,. . . ,x=_~, xw, . . . . x w+c-1). Now D *.
19(-ipp = le(lip’h
(9(327rp)=30e((p) foreveryvEX~Yu2.
Complete logic for nrascning about prolwams 209
By these we have defined a function 6,011 DFd by induction. It is easy to check that
(Vcp E DFJ O(cp:) E Ft,+ Cl
Now we prove that 8 satisfies condition (*e).
Lemma 1. Let q E DFd and m E A&. Then (i) and (ii) below hold:
(ii) Let g E “lY, k E “‘D, r E “I. Then
Proof. It is enough to prove (ii), Let %R E A& and let (g, k, r> tee a valuation of the variables into !l?Z, ix, g E ‘“T,
ke”D, &““I. . The following Fact 2 is easy to check (by inspecting Definition 11):
Fact 2. Let p E pd. (1) %2 t=: v(p)[g, k, r] :iff (9X b p[r] iff (Q, . . . , rc) is a trace of p in !?R.
(2) Let w 2 c. Then !IR k= p~c6, p, w)[g, k, r] iff ik,, . . , , k,+C-l) is a possible output of p with input (ko, . D I# , k,-1).
(3) Let # E DFd. Then
%V I== e(Ur;p, @))[g, k, r] ‘C :!3 I== (p, e(@))[.g, k, ,‘*J
NOW we prove (ii) by induction on cp E DFd. If q E &, ; hen (ii) holds by cp = 8 ( tp ). Let rp, rC, E DFd, v E X u Y C, L.. ;’ and assume that (ii) holds for q and (I/. Then (ii)
holds for a( p, q%) by Fact 2( 3). Then (ii) holds fcr (4) A t+b ), -~cp, 3v cp by @(q A $4 =
d(q) A 6[@:. d(lcp) = 18(p) and 8(3v q) = 3v O(q). Hencu: by the definition of DFd (Definition 9)? (ii) holds for every q E DFJ. Zl
Notatiow Let Th s DFd. Then 6[Th] 2 {6(q): q E Th}.
Lemma 2. l%e language DLd is compact. ,l.e. let Th c DFd, q E DFd be such that Th k Q. ‘Then H b Q for some finite H E Th.
PacBof. Assume Th I= cp. Then d3[Th] I=: 8((p) by Lemma 1 e Since thle classical 3-sorted language Ltd is compact and since O[Th] c F’,d, thlere is a finite G c O[Th] such that
G I= e(q). Then there is a finite H E Th such that G = e[H] and therefore 6[H] I= O(q). By Lemma 1 then H /= q. I3
efinition 12 (classical proof concept (I-, Prc) on _Ftdp [22]). (I--, Prc) denotes thy
usual proof concept of the classical 3-sorted logic Ltd = (6;;d, l&, I=), see Definitions
210 H. Andrika, I. ,Nheti, 6. Sain
10.14-10.27 of [22]. I.e.
Prc 4 {(H, W, &: H c Ftd, IHl c W, 4? E Ftd and (3m E U) [w E ““&d and. w is
a cllassical first order proof of cp from H in the sense of
[22, Definition 10.24]}.,
For any Th C_ Ftd and c;p E F,:d we define
Th t- cp iff (3(& w, cp) E Prc) H e Th.
Note that (+, Prc) is a proof concept on Ftd in the sense of Definition 10. 0
hct 3. I-- is a decidable proof concept (i.e. Prc is &cidable), by Theorem lo,,27 of
1221 .
Next we define our proof concept kN.
Definition 13 (the proof concept (I_~‘, Prn) on DFd). By a tN-proof of q E DFd from
Ths DFd we understand a sequence (H, @[HI, w, O(q)), 40) such that H sTh and (@[HI, w, 6(q)) is a classical proof of 0((p) from &HI. In more detail:
Pm 2 ((H, (@[HI, IV, NrpD, cp): H GDF,, )Hl<w cp E Dh
and (e[H], w, %Q)) E Prc).
Let Th z DFd, q E DFd Then we define
Th kN cp iff (3H E Th)@w)(H, w, V)E Prn.
Note that (I-~, Pm) is a proof-concept on DFd in the sense of Definition 10. 0
Lemma 3. t--N is a decidable proof concept.
Proof. We have to prove that Prn z (DFd)* is decidable. Let n E (DFJi* be arbi-
trary. The algorithm of deciding whether rr E Prn or not goes as fol’lows: If n is not a triple, then rr& Pm. Assume v = (H, w, cp). By definition of (DFd)”
(and by our convention that we identify X’” with {H: H E X, IHI < o)*) WP, have that H is finite. We also have thiat DFd atnd Prc are decida.ble.
If HZ DFd or qp& DFd or w& Prc, then & Prn. Assume HE DFd, cp E DFQ and w E Prc. Since w E Prc we have: that w = (K, v, 4) for some finite K C= Ft$ and for some $EFt&
Compute @[HI. Since 8 is computable, computing 8[H] terminates in finite time.
Compute 8 (4p) similarly. If O[H] f K or e(q) # $, t&n TGZ Prn, else 7~ E Prn. 0
logic for reasoning abm programs 211
Lemma 4 (completeness of t”rle logic (DLd, (t-N, Pm))). Let Th E DFd and’ ~rp E DFd 64 arbitrary. Then
Proof. (1) Assume Th I== Q. Then 6[Th] E O(Q) by Lemma 1. Then by Godel’s
completeness theorem (see [22, Theorem 11.201) B[Th] k 8(Q), i.e. there is a classical first order proof (K, w, ~(Q))E Prc of 0(Q) from B[Th]. Then hr c 8[Th] is finite, i.e,
K = 6l[H] for some finite H c Th. Then (H, @[WI, w, e(Q)), Q) E Psn is an kN-proof of Q from Th. Thus Th kN Q.
(2) Assume.Th I-* Q, Then there is (ri, (@[k?], w, 8((p)), Q) E Prn for some finite JY c Th such that (@[HI, w, 6(~)) E Prc. By soundness of classical first order logic
(Monk [22, Theorem 11.81) @[HI I= O(Q). Then by Lemma 1 iH t= LD, and. therefore ThkQ. q
Lemmas 3 and 4 prove Theorem 2. Moreover by Fact 1, Lennns 3, and L,emma 4
we proved Theorem 1, too. 0
By a logic we understand a pair (L, (I-, Pr)) where L, = (F, M, lb=) is a langua,ge in the sense of Section 2 and (t-, Pr) is a proof concept for L in the sense of Definitkn IO.
The logic (L, (I-, Pr)) is said to be complete if! [(t- , Pr) is a decidable prool! conaeplt ancl for all Th c: F and Q E F we have (Th I= Q iff Th I- Q)].
We define First order Dynamic Logic of type d to be the logic (DLd, (t-N, Prnl) where the proof concept (I--~, Pm) was defined in Definition 13. In Part II we shall often say sloppily “the logic DLd”. In these cases we shall always mean to say “the
logic (DLda (t-N, Pm))“. About the axiomatic or Hilbert style version of the proof concept (t--N, Prn) see the
beginning of Section 5 in Part II. By Theorem 2 our First order Dynamic Logic (DLd, (I-“, Prn)) is complete.
References
[l] H. Andrika, L. Csirmaz, I. NCmeti and I. Sam, More complete logi?s for reasoning about programs Preprint, Math. Inst. Hung. Acad. Sci. (1980).
[2] H. AndrCka and I. Nemeti, A characterization of Floyd provable programs, in: Mathemarica1 Foundations of Computer Science MFCS ‘81 (Springer, Berlin, 1981). Also: IPreprint, Math. Inst. Hung, Acad. Sci. No. 8 (1978).
[3] H. AndrCka and I. NCmeti, Completeness of Floyd method w.r.t. rlonstandard tilme models, Seminar Notes, Math. Inst. Hung. ALad. Sci.-SZKI (1977, in Hungarian). Abstracted in: Bull. Sectjon af Logic, WrocZaw, 7 (1978) 115-120.
[4] H. Andreka, I. NCmeti and I. Sain, Completeness oroblems in verif;cation of programs and program schemes, in: .J, BecvBr, Ed., Mathematical Fiwuiations cjf Computrr Scier;tce 141’79, Lecture Notes in Computer Science 74 (Springer, Berlin, 19’73) 208-2 18
[S] H. Andreka, I. NCmeti and f. Sain, Henkin-type semar.tics for program sc:.,dnes to turn negative results to positive, in: L. Budach, Ed., Fundamentais ol( Computation Theory FCT’79 (Akademie, Berlin, 1979) 18-24.
212 H. A qdreka, I. Nbneti, I. Sain
[6] H. Andreka, I. PJ&neti and I. Sain, Program verification within and without logic, Bull. Se,:tion of Lagic, Wroclaw 8 (1979) 124-130.
[7] F, Berman, A completeness technique for D-axiomatizable semantics, Proc. 11th Annual ACM Symposium on Theory of Computing, Atlanta, i.iA < 1979) 160-166.
[&I F. Berman, Syrrtactic and semantic structure in Propositional Dynasliic Logic, Technical Report NO. 79-07-05, Department of Computer Science, University of Washington, Seattle 98195 (1979).
[g] B. Biro, On the completeness of program verification methods, Bull. Section oflogic, Wrocla w lO(2)
(1981). 1 lOJ K.A. Bowen, Model Theory for Modal Logic (Kripke Models for Modal Predicate Calctili), Synthese
Liijrary 127 (Reidel, Dordrecht, 19.79). [I 11 R. Burstall and J. Darlington, A system which automatically improves programs, Proc. 3rd UCAI
(S.R.I., 1973) 537-542. [ 12) CC. Chang and H.J. Keisler, Model Theory (North-Holland, Amsterdam, 1973). [ 131 B. Courcelle and I. Guessarian, On some classes of interpretations, X Comput. System. Sci. 17 (1978)
388-4 13, (143 L. Csirmaz, Structure of program runs of nonstandard time, Acta Cybernet. 4 (1980) 325-331. [ iSi i,. Csirmaz, Programs and program. verifications in a general setting, Theoret. Comput. Sci. 16 (1981)
lY9-210. [lhj D. Gallin, Intensional and Higher order Modal Logic (North-Holland/American Elsevier, New
York, 1978). [ 171 T. Gergely and M. SzGts, Model theoretic investigations in programming theory, Acta Cybernet. 4
(1979) 45-57. [ 181 T. Gergely and L. cry, Specification of program behaviour through explicit time considerations, in:
SM. Lavington, Ed., Information Proiessing 80 (North-Holland, Amsterdam, 1980) 107-l 11. [19] D. Hare& First-Order Dynamic Logic, Lecture Notes in Computer Science 68 (Springer., Berlin,
1979). [20] Y. I. Ianov, The logical schemes of algorithms, in: Problems of Cybernetics Vol. 1 (Pergamon Press,
New York, 1960) 82-140. (211 %. Manna, Mathematical Ttieory of Computation (McGraw-Hill, New York, 1974). [22] J.D. Monk, -Mathematical Logic (Springer, Rerlin, 1976). [23] I. NCmeti, Connections between algebraic logic and initial algebra semantics of CF languages, in: B.
Diimiilky and T. Gergely, Eds., iMather?iatical Logic in Computer Science, Colloquia M:athematica Stieietatis Janos Bolyai 26 (North-M:$land, Amsterdam) 25-83, 561-605.
[24] R. Parikh, The completeness of propositional dynamic logic, in: J. Winkowski, Ed., Mathematical Foundations of Computer Science 2978, Lecture Notes in Computer Science 64 (Springer, Rerlin, 1978) 403-415.
1251 V-R. Pratt, A practical decision method for propositional dynamic logic, Proc. 20th Annual ACM Symposium on Theory of Computing, San Diego, CA (1978) 326-337.
[26] V-R. Pratt, Models of program logics, Proc. ZOrh IEEE Conference on Foundations of Computer Science, San Juan, PR (1979).
127 ] V.R. Pratt, Flowgraph logic and the elimination of K!eene elimination, XIT Preprint No. 4/ 17/80 (1980).
[28] I. Sain, First order dynamic logic with decidable procfs and workable m<:del theory, in: Fundamen - tals of Computatirln Theory FCT ‘$1 (Springer, Berlin, 1981).
1291 I. Sam, There are general rules for specifying semantitis: Observations on Abstract Model Theory, CL & CL-Camput. Linguist. Comput. Lang. 13 (7979) 251-282.
[301 K. Segerberg, A completeness theorem in the modal logic of programs, abstract, Notices Amer. Math. Sot. 24 (61 (1977) A-552.
lY311 K. Sewberg, Applying modal logic, Srltdilr Logica 39 (1980) 275-296. [32] J. Stavi, Compactness properties of infinitary and abstract languages, in: A. Marintyre, L. Pacholski
and J. Paris, Eds., Logic Colloquium ‘77 (North-Holland, Amsterdam, 1978) 263-275.